WireGuard lives!
-
@theonemcdonald i know how to create the gateway and set the rule in the firewall to go to the specific gateway, or am i missing something else?
-
@chrisjmuk What VPN provider are you using?
-
Mullvad VPN - used before on pfSense 1.5.1 Dev
These are my settings - i have removed the keys on purpose and will change.
-
@chrisjmuk I will get a mullvad subscription to test
-
@theonemcdonald its free for 24 hours.
also getting this error
Crash report begins. Anonymous machine information: amd64 12.2-STABLE FreeBSD 12.2-STABLE devel-12-n226623-ba553ae641b5 pfSense Crash report details: PHP Errors: [05-May-2021 14:07:00 Etc/UTC] PHP Warning: Invalid argument supplied for foreach() in /usr/local/www/wg/vpn_wg_peers_edit.php on line 259 No FreeBSD crash data found. -
@chrisjmuk This has been fixed, will be in the next release.
-
For anyone having issues with Mullad,
Make sure your gateway is the same as your interface address
-
@theonemcdonald still no luck unfortuantly on my side. are you able to give me a quick message?
-
@chrisjmuk I just get got it setup and working fine.
Here is what I did.
- download zip file for the config from mullvad
- create tunnels and peers. (the conf in the zip file contains the tunnel private key, and public key for peer, the pfsense ui will generate the tunnel public key automatically)
- create interface MULL_WG with Interface Address 10.x.x.x/32, create a gateway at the same time for that same IP.
- create outbound NAT, set interface to MULL_WG and source / dest to any
- firewall rules to do policy based routing.
-
@vajonam Thank you, that done the trick - all working now, i will set my self as a regular sponsor for your github.
-
Hi! I setup pfSense 2.6 on my Hyper-V lab and was able to get setup a Wireguard tunnel with TorGuard. Looks promising! I did notice a little more cpu load then I expected when running speedtests but I was able to utilize my 100Mbit internet connection.
WGTUN Interface (opt1, tun_wg0) Status up IPv4 Address 10.13.XX.XX Subnet mask IPv4 255.255.255.0 Gateway IPv4 10.13.XX.XX MTU 1500 In/out packets 509239/443583 (536.63 MiB/360.12 MiB) In/out packets (pass) 509239/443583 (536.63 MiB/360.12 MiB) In/out packets (block) 0/0 (0 B/0 B) In/out errors 0/0 Collisions 0
-
@vjizzle There is still optimization gains to be realized yet in the kernel module...primarily around the crypto. We will track all ongoing development on all fronts to keep this fresh and current. Stay tuned
-
@theonemcdonald Hi! Just to clarify, will this be available in pfSense 2.5.1 Package Manager ?
-
@emikaadeo said in WireGuard lives!:
@theonemcdonald Hi! Just to clarify, will this be available in pfSense 2.5.1 Package Manager ?
Not currently as it's not recommended for stable. So if you want to run it on 2.5.x, download the packages from GitHub and install it manually.
-
@emikaadeo I am currently just using the Dev build 1.6.xxxx and just install the package via the package manager and seems to work great.
-
@vjizzle i am using the same and this is my CPU spec and i am only using 3% on idle but does jump to 40% on a speed which it would normally even without the wireguard.
Intel(R) Celeron(R) CPU N2940 @ 1.83GHz
Current: 1826 MHz, Max: 1827 MHz
4 CPUs: 1 package(s) x 4 core(s) -
@chrisjmuk think you mean 2.6.xx ?
-
@chrisjmuk I have the following specs on my testlab pfSense 2.6:
CPU Type Intel(R) Core(TM) i3-6100U CPU @ 2.30GHz
2 CPUs: 1 package(s) x 1 core(s) x 2 hardware threads
AES-NI CPU Crypto: Yes (inactive)
QAT Crypto: NoThe load does not bother me that much, my main pfSense is a core i5 beast :) so no worries there. But by the time this is ready for production I expect it to be better optimized for performance. The developer said there will be tweaks and tuning.
-
Downloaded packages from GitHub and installed manually v0.0.9 on 2.5.1-RELEASE (amd64) in this order:
wireguard-kmod-0.0.20210503.txz wireguard-tools-lite-1.0.20210424.txz pfSense-pkg-WireGuard-0.0.9.txzWorks great so far (using Mullvad VPN)
Is there any best/safe method to upgrade packages when new versions will be available? -
So if i update to 2.5.1 i need to manually install the package?
